CVE-2008-1613

{"id": "CVE-2008-1613", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2008-04-22T04:41:00.000", "references": [{"url": "http://secunia.com/advisories/29843", "source": "cve@mitre.org"}, {"url": "http://www.irmplc.com/index.php/167-Advisory-026", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/491139/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28872", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41924", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/5482", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29843", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.irmplc.com/index.php/167-Advisory-026", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/491139/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/28872", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41924", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/5482", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build 7.5.0.48, and possibly other versions including 6.5 and 7.0, allows remote attackers to execute arbitrary SQL commands via the LngId parameter."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en RD.asp de RedDot CMS 7.5 Build 7.5.0.48, y posiblemente otras versiones incluyendo 6.5 y 7.0, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro LngId."}], "lastModified": "2024-11-21T00:44:55.627", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:reddot:cms:6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9625E4A6-4BD9-4BB9-B766-343FB936EED1"}, {"criteria": "cpe:2.3:a:reddot:cms:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CBA2389-D719-4FC3-82E9-25D53744DB25"}, {"criteria": "cpe:2.3:a:reddot:cms:7.5:build_7.5.0.48:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECC6FE8B-66CE-49BD-92E3-1C3034D7073C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}